Projects / The Linux Virus Writing HOWTO

The Linux Virus Writing HOWTO

The Linux Virus Writing HOWTO describes how to write parasitic file viruses which infect ELF executables on Linux/i386. Though it contains a lot of source code, no actual virus is included. Every mentioned infection method is accompanied with a practical guide to detection.

Licenses

Recent releases

  •  16 Feb 2003 11:27

    Release Notes: This version splits the document into an introduction and platform-specific parts. They are held together with relative HTML links. This release also flushes the revision history, but converting links in old entries is too much work. i386 development was moved to Red Hat 7.3. A port to Sparc Debian Linux has begun, and a rework of the document is now in progress. "The magic of the Elf" and "The language of evil" are finished. All following chapters are probably broken.

    •  18 Jan 2003 16:03

      Release Notes: This release adds a rewritten segment scanner in C, required changes to the infector framework, support for 64-bit ELF, and a fix for an embarrassing bug in the table of used RPM packages. The document is finished up to "Segment padding infection"; all the following chapters are probably broken.

      •  24 Oct 2002 17:29

        Release Notes: A port to SPARC SunOS 5.7 has begun, and all C++ code has been ported to plain C. Most of configure.pl has been rewritten. Package version and path detection work with RPM, dpkg, Slackware, and SunOS. The Makefile does not require GNU make anymore. The document is finished up to "Segment padding infection".

        •  18 Aug 2002 15:50

          Release Notes: The document was split into an introduction and a platform-specific part. The revision history was flushed, since converting links in old entries is too much work. i386 development was moved to RedHat 7.3. A port to Debian GNU/Linux on SPARC was started. A rework of the document is in progress. "The magic of the Elf" and "The language of evil" are finished. All following chapters are probably broken.

          •  24 Jul 2002 22:21

            Release Notes: The document has been renamedt. Magic of the ELF has been restructured. Links to other sites are now footnotes. There are many portability issues.

            Recent comments

            21 Jul 2009 04:15 zubin71

            i just saw what you put up at

            http://www.linuxsecurity.com/resource_files/documentation/virus-writing-HOWTO/_html/index.html

            Will go through and let you know.

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.